| |
@@ -1,605 +0,0 @@
|
| |
- diff --git lib/rubygems.rb lib/rubygems.rb
|
| |
- index 0685bcb3c6..a5a9202e56 100644
|
| |
- --- lib/rubygems.rb
|
| |
- +++ lib/rubygems.rb
|
| |
- @@ -10,7 +10,7 @@
|
| |
- require 'thread'
|
| |
-
|
| |
- module Gem
|
| |
- - VERSION = "2.6.14"
|
| |
- + VERSION = "2.6.14.1"
|
| |
- end
|
| |
-
|
| |
- # Must be first since it unloads the prelude from 1.9.2
|
| |
- diff --git lib/rubygems/commands/owner_command.rb lib/rubygems/commands/owner_command.rb
|
| |
- index 4b99434e87..2ee7f84462 100644
|
| |
- --- lib/rubygems/commands/owner_command.rb
|
| |
- +++ lib/rubygems/commands/owner_command.rb
|
| |
- @@ -62,7 +62,7 @@ def show_owners name
|
| |
- end
|
| |
-
|
| |
- with_response response do |resp|
|
| |
- - owners = YAML.load resp.body
|
| |
- + owners = Gem::SafeYAML.load resp.body
|
| |
-
|
| |
- say "Owners for gem: #{name}"
|
| |
- owners.each do |owner|
|
| |
- diff --git lib/rubygems/package.rb lib/rubygems/package.rb
|
| |
- index 77811ed5ec..b5a5fe2a26 100644
|
| |
- --- lib/rubygems/package.rb
|
| |
- +++ lib/rubygems/package.rb
|
| |
- @@ -378,7 +378,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc:
|
| |
- File.dirname destination
|
| |
- end
|
| |
-
|
| |
- - FileUtils.mkdir_p mkdir, mkdir_options
|
| |
- + mkdir_p_safe mkdir, mkdir_options, destination_dir, entry.full_name
|
| |
-
|
| |
- open destination, 'wb' do |out|
|
| |
- out.write entry.read
|
| |
- @@ -416,20 +416,35 @@ def install_location filename, destination_dir # :nodoc:
|
| |
- raise Gem::Package::PathError.new(filename, destination_dir) if
|
| |
- filename.start_with? '/'
|
| |
-
|
| |
- - destination_dir = File.realpath destination_dir if
|
| |
- - File.respond_to? :realpath
|
| |
- + destination_dir = realpath destination_dir
|
| |
- destination_dir = File.expand_path destination_dir
|
| |
-
|
| |
- destination = File.join destination_dir, filename
|
| |
- destination = File.expand_path destination
|
| |
-
|
| |
- raise Gem::Package::PathError.new(destination, destination_dir) unless
|
| |
- - destination.start_with? destination_dir
|
| |
- + destination.start_with? destination_dir + '/'
|
| |
-
|
| |
- destination.untaint
|
| |
- destination
|
| |
- end
|
| |
-
|
| |
- + def mkdir_p_safe mkdir, mkdir_options, destination_dir, file_name
|
| |
- + destination_dir = realpath File.expand_path(destination_dir)
|
| |
- + parts = mkdir.split(File::SEPARATOR)
|
| |
- + parts.reduce do |path, basename|
|
| |
- + path = realpath path unless path == ""
|
| |
- + path = File.expand_path(path + File::SEPARATOR + basename)
|
| |
- + lstat = File.lstat path rescue nil
|
| |
- + if !lstat || !lstat.directory?
|
| |
- + unless path.start_with? destination_dir and (FileUtils.mkdir path, mkdir_options rescue false)
|
| |
- + raise Gem::Package::PathError.new(file_name, destination_dir)
|
| |
- + end
|
| |
- + end
|
| |
- + path
|
| |
- + end
|
| |
- + end
|
| |
- +
|
| |
- ##
|
| |
- # Loads a Gem::Specification from the TarEntry +entry+
|
| |
-
|
| |
- @@ -603,6 +618,10 @@ def verify_files gem
|
| |
- raise Gem::Package::FormatError.new \
|
| |
- 'package content (data.tar.gz) is missing', @gem
|
| |
- end
|
| |
- +
|
| |
- + if duplicates = @files.group_by {|f| f }.select {|k,v| v.size > 1 }.map(&:first) and duplicates.any?
|
| |
- + raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(', ')})"
|
| |
- + end
|
| |
- end
|
| |
-
|
| |
- ##
|
| |
- @@ -616,6 +635,16 @@ def verify_gz entry # :nodoc:
|
| |
- raise Gem::Package::FormatError.new(e.message, entry.full_name)
|
| |
- end
|
| |
-
|
| |
- + if File.respond_to? :realpath
|
| |
- + def realpath file
|
| |
- + File.realpath file
|
| |
- + end
|
| |
- + else
|
| |
- + def realpath file
|
| |
- + file
|
| |
- + end
|
| |
- + end
|
| |
- +
|
| |
- end
|
| |
-
|
| |
- require 'rubygems/package/digest_io'
|
| |
- diff --git lib/rubygems/package/tar_header.rb lib/rubygems/package/tar_header.rb
|
| |
- index c54bd14d57..d557357114 100644
|
| |
- --- lib/rubygems/package/tar_header.rb
|
| |
- +++ lib/rubygems/package/tar_header.rb
|
| |
- @@ -104,25 +104,30 @@ def self.from(stream)
|
| |
- fields = header.unpack UNPACK_FORMAT
|
| |
-
|
| |
- new :name => fields.shift,
|
| |
- - :mode => fields.shift.oct,
|
| |
- - :uid => fields.shift.oct,
|
| |
- - :gid => fields.shift.oct,
|
| |
- - :size => fields.shift.oct,
|
| |
- - :mtime => fields.shift.oct,
|
| |
- - :checksum => fields.shift.oct,
|
| |
- + :mode => strict_oct(fields.shift),
|
| |
- + :uid => strict_oct(fields.shift),
|
| |
- + :gid => strict_oct(fields.shift),
|
| |
- + :size => strict_oct(fields.shift),
|
| |
- + :mtime => strict_oct(fields.shift),
|
| |
- + :checksum => strict_oct(fields.shift),
|
| |
- :typeflag => fields.shift,
|
| |
- :linkname => fields.shift,
|
| |
- :magic => fields.shift,
|
| |
- - :version => fields.shift.oct,
|
| |
- + :version => strict_oct(fields.shift),
|
| |
- :uname => fields.shift,
|
| |
- :gname => fields.shift,
|
| |
- - :devmajor => fields.shift.oct,
|
| |
- - :devminor => fields.shift.oct,
|
| |
- + :devmajor => strict_oct(fields.shift),
|
| |
- + :devminor => strict_oct(fields.shift),
|
| |
- :prefix => fields.shift,
|
| |
-
|
| |
- :empty => empty
|
| |
- end
|
| |
-
|
| |
- + def self.strict_oct(str)
|
| |
- + return str.oct if str =~ /\A[0-7]*\z/
|
| |
- + raise ArgumentError, "#{str.inspect} is not an octal string"
|
| |
- + end
|
| |
- +
|
| |
- ##
|
| |
- # Creates a new TarHeader using +vals+
|
| |
-
|
| |
- diff --git lib/rubygems/package/tar_writer.rb lib/rubygems/package/tar_writer.rb
|
| |
- index f68b8d4c5e..390f7851a3 100644
|
| |
- --- lib/rubygems/package/tar_writer.rb
|
| |
- +++ lib/rubygems/package/tar_writer.rb
|
| |
- @@ -196,6 +196,8 @@ def add_file_signed name, mode, signer
|
| |
- digest_name == signer.digest_name
|
| |
- end
|
| |
-
|
| |
- + raise "no #{signer.digest_name} in #{digests.values.compact}" unless signature_digest
|
| |
- +
|
| |
- if signer.key then
|
| |
- signature = signer.sign signature_digest.digest
|
| |
-
|
| |
- diff --git lib/rubygems/server.rb lib/rubygems/server.rb
|
| |
- index df4eb566d3..a7b5243ba0 100644
|
| |
- --- lib/rubygems/server.rb
|
| |
- +++ lib/rubygems/server.rb
|
| |
- @@ -631,6 +631,18 @@ def root(req, res)
|
| |
- executables = nil if executables.empty?
|
| |
- executables.last["is_last"] = true if executables
|
| |
-
|
| |
- + # Pre-process spec homepage for safety reasons
|
| |
- + begin
|
| |
- + homepage_uri = URI.parse(spec.homepage)
|
| |
- + if [URI::HTTP, URI::HTTPS].member? homepage_uri.class
|
| |
- + homepage_uri = spec.homepage
|
| |
- + else
|
| |
- + homepage_uri = "."
|
| |
- + end
|
| |
- + rescue URI::InvalidURIError
|
| |
- + homepage_uri = "."
|
| |
- + end
|
| |
- +
|
| |
- specs << {
|
| |
- "authors" => spec.authors.sort.join(", "),
|
| |
- "date" => spec.date.to_s,
|
| |
- @@ -640,7 +652,7 @@ def root(req, res)
|
| |
- "only_one_executable" => (executables && executables.size == 1),
|
| |
- "full_name" => spec.full_name,
|
| |
- "has_deps" => !deps.empty?,
|
| |
- - "homepage" => spec.homepage,
|
| |
- + "homepage" => homepage_uri,
|
| |
- "name" => spec.name,
|
| |
- "rdoc_installed" => Gem::RDoc.new(spec).rdoc_installed?,
|
| |
- "ri_installed" => Gem::RDoc.new(spec).ri_installed?,
|
| |
- diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
|
| |
- index 40e3a70d47..0a154b9001 100644
|
| |
- --- lib/rubygems/specification.rb
|
| |
- +++ lib/rubygems/specification.rb
|
| |
- @@ -15,6 +15,7 @@
|
| |
- require 'rubygems/stub_specification'
|
| |
- require 'rubygems/util/list'
|
| |
- require 'stringio'
|
| |
- +require 'uri'
|
| |
-
|
| |
- ##
|
| |
- # The Specification class contains the information for a Gem. Typically
|
| |
- @@ -2813,10 +2814,16 @@ def validate packaging = true
|
| |
- raise Gem::InvalidSpecificationException, "#{lazy} is not a summary"
|
| |
- end
|
| |
-
|
| |
- - if homepage and not homepage.empty? and
|
| |
- - homepage !~ /\A[a-z][a-z\d+.-]*:/i then
|
| |
- - raise Gem::InvalidSpecificationException,
|
| |
- - "\"#{homepage}\" is not a URI"
|
| |
- + # Make sure a homepage is valid HTTP/HTTPS URI
|
| |
- + if homepage and not homepage.empty?
|
| |
- + begin
|
| |
- + homepage_uri = URI.parse(homepage)
|
| |
- + unless [URI::HTTP, URI::HTTPS].member? homepage_uri.class
|
| |
- + raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI"
|
| |
- + end
|
| |
- + rescue URI::InvalidURIError
|
| |
- + raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI"
|
| |
- + end
|
| |
- end
|
| |
-
|
| |
- # Warnings
|
| |
- diff --git test/rubygems/test_gem_commands_owner_command.rb test/rubygems/test_gem_commands_owner_command.rb
|
| |
- index 44652c1093..53cac4ce87 100644
|
| |
- --- test/rubygems/test_gem_commands_owner_command.rb
|
| |
- +++ test/rubygems/test_gem_commands_owner_command.rb
|
| |
- @@ -43,6 +43,31 @@ def test_show_owners
|
| |
- assert_match %r{- 4}, @ui.output
|
| |
- end
|
| |
-
|
| |
- + def test_show_owners_dont_load_objects
|
| |
- + skip "testing a psych-only API" unless defined?(::Psych::DisallowedClass)
|
| |
- +
|
| |
- + response = <<EOF
|
| |
- +---
|
| |
- +- email: !ruby/object:Object {}
|
| |
- + id: 1
|
| |
- + handle: user1
|
| |
- +- email: user2@example.com
|
| |
- +- id: 3
|
| |
- + handle: user3
|
| |
- +- id: 4
|
| |
- +EOF
|
| |
- +
|
| |
- + @fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners.yaml"] = [response, 200, 'OK']
|
| |
- +
|
| |
- + assert_raises Psych::DisallowedClass do
|
| |
- + use_ui @ui do
|
| |
- + @cmd.show_owners("freewill")
|
| |
- + end
|
| |
- + end
|
| |
- +
|
| |
- + end
|
| |
- +
|
| |
- +
|
| |
- def test_show_owners_setting_up_host_through_env_var
|
| |
- response = "- email: user1@example.com\n"
|
| |
- host = "http://rubygems.example"
|
| |
- diff --git test/rubygems/test_gem_package.rb test/rubygems/test_gem_package.rb
|
| |
- index 9d47f0dea4..5b93475314 100644
|
| |
- --- test/rubygems/test_gem_package.rb
|
| |
- +++ test/rubygems/test_gem_package.rb
|
| |
- @@ -455,6 +455,31 @@ def test_extract_tar_gz_symlink_relative_path
|
| |
- File.read(extracted)
|
| |
- end
|
| |
-
|
| |
- + def test_extract_symlink_parent
|
| |
- + skip 'symlink not supported' if Gem.win_platform?
|
| |
- +
|
| |
- + package = Gem::Package.new @gem
|
| |
- +
|
| |
- + tgz_io = util_tar_gz do |tar|
|
| |
- + tar.mkdir 'lib', 0755
|
| |
- + tar.add_symlink 'lib/link', '../..', 0644
|
| |
- + tar.add_file 'lib/link/outside.txt', 0644 do |io| io.write 'hi' end
|
| |
- + end
|
| |
- +
|
| |
- + # Extract into a subdirectory of @destination; if this test fails it writes
|
| |
- + # a file outside destination_subdir, but we want the file to remain inside
|
| |
- + # @destination so it will be cleaned up.
|
| |
- + destination_subdir = File.join @destination, 'subdir'
|
| |
- + FileUtils.mkdir_p destination_subdir
|
| |
- +
|
| |
- + e = assert_raises Gem::Package::PathError do
|
| |
- + package.extract_tar_gz tgz_io, destination_subdir
|
| |
- + end
|
| |
- +
|
| |
- + assert_equal("installing into parent path lib/link/outside.txt of " +
|
| |
- + "#{destination_subdir} is not allowed", e.message)
|
| |
- + end
|
| |
- +
|
| |
- def test_extract_tar_gz_directory
|
| |
- package = Gem::Package.new @gem
|
| |
-
|
| |
- @@ -566,6 +591,21 @@ def test_install_location_relative
|
| |
- "#{@destination} is not allowed", e.message)
|
| |
- end
|
| |
-
|
| |
- + def test_install_location_suffix
|
| |
- + package = Gem::Package.new @gem
|
| |
- +
|
| |
- + filename = "../#{File.basename(@destination)}suffix.rb"
|
| |
- +
|
| |
- + e = assert_raises Gem::Package::PathError do
|
| |
- + package.install_location filename, @destination
|
| |
- + end
|
| |
- +
|
| |
- + parent = File.expand_path File.join @destination, filename
|
| |
- +
|
| |
- + assert_equal("installing into parent path #{parent} of " +
|
| |
- + "#{@destination} is not allowed", e.message)
|
| |
- + end
|
| |
- +
|
| |
- def test_load_spec
|
| |
- entry = StringIO.new Gem.gzip @spec.to_yaml
|
| |
- def entry.full_name() 'metadata.gz' end
|
| |
- @@ -723,6 +763,32 @@ def test_verify_nonexistent
|
| |
- assert_match %r%nonexistent.gem$%, e.message
|
| |
- end
|
| |
-
|
| |
- + def test_verify_duplicate_file
|
| |
- + FileUtils.mkdir_p 'lib'
|
| |
- + FileUtils.touch 'lib/code.rb'
|
| |
- +
|
| |
- + build = Gem::Package.new @gem
|
| |
- + build.spec = @spec
|
| |
- + build.setup_signer
|
| |
- + open @gem, 'wb' do |gem_io|
|
| |
- + Gem::Package::TarWriter.new gem_io do |gem|
|
| |
- + build.add_metadata gem
|
| |
- + build.add_contents gem
|
| |
- +
|
| |
- + gem.add_file_simple 'a.sig', 0444, 0
|
| |
- + gem.add_file_simple 'a.sig', 0444, 0
|
| |
- + end
|
| |
- + end
|
| |
- +
|
| |
- + package = Gem::Package.new @gem
|
| |
- +
|
| |
- + e = assert_raises Gem::Security::Exception do
|
| |
- + package.verify
|
| |
- + end
|
| |
- +
|
| |
- + assert_equal 'duplicate files in the package: ("a.sig")', e.message
|
| |
- + end
|
| |
- +
|
| |
- def test_verify_security_policy
|
| |
- skip 'openssl is missing' unless defined?(OpenSSL::SSL)
|
| |
-
|
| |
- @@ -780,7 +846,13 @@ def test_verify_security_policy_checksum_missing
|
| |
-
|
| |
- # write bogus data.tar.gz to foil signature
|
| |
- bogus_data = Gem.gzip 'hello'
|
| |
- - gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io|
|
| |
- + fake_signer = Class.new do
|
| |
- + def digest_name; 'SHA512'; end
|
| |
- + def digest_algorithm; Digest(:SHA512); end
|
| |
- + def key; 'key'; end
|
| |
- + def sign(*); 'fake_sig'; end
|
| |
- + end
|
| |
- + gem.add_file_signed 'data2.tar.gz', 0444, fake_signer.new do |io|
|
| |
- io.write bogus_data
|
| |
- end
|
| |
-
|
| |
- diff --git test/rubygems/test_gem_package_tar_header.rb test/rubygems/test_gem_package_tar_header.rb
|
| |
- index d33877057d..43f508df45 100644
|
| |
- --- test/rubygems/test_gem_package_tar_header.rb
|
| |
- +++ test/rubygems/test_gem_package_tar_header.rb
|
| |
- @@ -143,5 +143,26 @@ def test_update_checksum
|
| |
- assert_equal '012467', @tar_header.checksum
|
| |
- end
|
| |
-
|
| |
- + def test_from_bad_octal
|
| |
- + test_cases = [
|
| |
- + "00000006,44\000", # bogus character
|
| |
- + "00000006789\000", # non-octal digit
|
| |
- + "+0000001234\000", # positive sign
|
| |
- + "-0000001000\000", # negative sign
|
| |
- + "0x000123abc\000", # radix prefix
|
| |
- + ]
|
| |
- +
|
| |
- + test_cases.each do |val|
|
| |
- + header_s = @tar_header.to_s
|
| |
- + # overwrite the size field
|
| |
- + header_s[124, 12] = val
|
| |
- + io = TempIO.new header_s
|
| |
- + assert_raises ArgumentError do
|
| |
- + new_header = Gem::Package::TarHeader.from io
|
| |
- + end
|
| |
- + io.close! if io.respond_to? :close!
|
| |
- + end
|
| |
- + end
|
| |
- +
|
| |
- end
|
| |
-
|
| |
- diff --git test/rubygems/test_gem_server.rb test/rubygems/test_gem_server.rb
|
| |
- index 4873fac5b6..96ed9194e9 100644
|
| |
- --- test/rubygems/test_gem_server.rb
|
| |
- +++ test/rubygems/test_gem_server.rb
|
| |
- @@ -336,6 +336,171 @@ def test_root_gemdirs
|
| |
- assert_match 'z 9', @res.body
|
| |
- end
|
| |
-
|
| |
- +
|
| |
- + def test_xss_homepage_fix_289313
|
| |
- + data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
| |
- + dir = "#{@gemhome}2"
|
| |
- +
|
| |
- + spec = util_spec 'xsshomepagegem', 1
|
| |
- + spec.homepage = "javascript:confirm(document.domain)"
|
| |
- +
|
| |
- + specs_dir = File.join dir, 'specifications'
|
| |
- + FileUtils.mkdir_p specs_dir
|
| |
- +
|
| |
- + open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
| |
- + io.write spec.to_ruby
|
| |
- + end
|
| |
- +
|
| |
- + server = Gem::Server.new dir, process_based_port, false
|
| |
- +
|
| |
- + @req.parse data
|
| |
- +
|
| |
- + server.root @req, @res
|
| |
- +
|
| |
- + assert_equal 200, @res.status
|
| |
- + assert_match 'xsshomepagegem 1', @res.body
|
| |
- +
|
| |
- + # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a
|
| |
- + # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here,
|
| |
- + # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be
|
| |
- + # validated in future versions of Gem::Specification.
|
| |
- + #
|
| |
- + # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex:
|
| |
- + #
|
| |
- + # Variant #1 - rdoc not installed
|
| |
- + #
|
| |
- + # <b>xsshomepagegem 1</b>
|
| |
- + #
|
| |
- + #
|
| |
- + # <span title="rdoc not installed">[rdoc]</span>
|
| |
- + #
|
| |
- + #
|
| |
- + #
|
| |
- + # <a href="." title=".">[www]</a>
|
| |
- + #
|
| |
- + # Variant #2 - rdoc installed
|
| |
- + #
|
| |
- + # <b>xsshomepagegem 1</b>
|
| |
- + #
|
| |
- + #
|
| |
- + # <a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a>
|
| |
- + #
|
| |
- + #
|
| |
- + #
|
| |
- + # <a href="." title=".">[www]</a>
|
| |
- + regex_match = /xsshomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/
|
| |
- + assert_match regex_match, @res.body
|
| |
- + end
|
| |
- +
|
| |
- + def test_invalid_homepage
|
| |
- + data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
| |
- + dir = "#{@gemhome}2"
|
| |
- +
|
| |
- + spec = util_spec 'invalidhomepagegem', 1
|
| |
- + spec.homepage = "notavalidhomepageurl"
|
| |
- +
|
| |
- + specs_dir = File.join dir, 'specifications'
|
| |
- + FileUtils.mkdir_p specs_dir
|
| |
- +
|
| |
- + open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
| |
- + io.write spec.to_ruby
|
| |
- + end
|
| |
- +
|
| |
- + server = Gem::Server.new dir, process_based_port, false
|
| |
- +
|
| |
- + @req.parse data
|
| |
- +
|
| |
- + server.root @req, @res
|
| |
- +
|
| |
- + assert_equal 200, @res.status
|
| |
- + assert_match 'invalidhomepagegem 1', @res.body
|
| |
- +
|
| |
- + # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a
|
| |
- + # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here,
|
| |
- + # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be
|
| |
- + # validated in future versions of Gem::Specification.
|
| |
- + #
|
| |
- + # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex:
|
| |
- + #
|
| |
- + # Variant #1 - rdoc not installed
|
| |
- + #
|
| |
- + # <b>invalidhomepagegem 1</b>
|
| |
- + #
|
| |
- + #
|
| |
- + # <span title="rdoc not installed">[rdoc]</span>
|
| |
- + #
|
| |
- + #
|
| |
- + #
|
| |
- + # <a href="." title=".">[www]</a>
|
| |
- + #
|
| |
- + # Variant #2 - rdoc installed
|
| |
- + #
|
| |
- + # <b>invalidhomepagegem 1</b>
|
| |
- + #
|
| |
- + #
|
| |
- + # <a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a>
|
| |
- + #
|
| |
- + #
|
| |
- + #
|
| |
- + # <a href="." title=".">[www]</a>
|
| |
- + regex_match = /invalidhomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/
|
| |
- + assert_match regex_match, @res.body
|
| |
- + end
|
| |
- +
|
| |
- + def test_valid_homepage_http
|
| |
- + data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
| |
- + dir = "#{@gemhome}2"
|
| |
- +
|
| |
- + spec = util_spec 'validhomepagegemhttp', 1
|
| |
- + spec.homepage = "http://rubygems.org"
|
| |
- +
|
| |
- + specs_dir = File.join dir, 'specifications'
|
| |
- + FileUtils.mkdir_p specs_dir
|
| |
- +
|
| |
- + open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
| |
- + io.write spec.to_ruby
|
| |
- + end
|
| |
- +
|
| |
- + server = Gem::Server.new dir, process_based_port, false
|
| |
- +
|
| |
- + @req.parse data
|
| |
- +
|
| |
- + server.root @req, @res
|
| |
- +
|
| |
- + assert_equal 200, @res.status
|
| |
- + assert_match 'validhomepagegemhttp 1', @res.body
|
| |
- +
|
| |
- + regex_match = /validhomepagegemhttp 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttp-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="http:\/\/rubygems\.org" title="http:\/\/rubygems\.org">\[www\]<\/a>/
|
| |
- + assert_match regex_match, @res.body
|
| |
- + end
|
| |
- +
|
| |
- + def test_valid_homepage_https
|
| |
- + data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
| |
- + dir = "#{@gemhome}2"
|
| |
- +
|
| |
- + spec = util_spec 'validhomepagegemhttps', 1
|
| |
- + spec.homepage = "https://rubygems.org"
|
| |
- +
|
| |
- + specs_dir = File.join dir, 'specifications'
|
| |
- + FileUtils.mkdir_p specs_dir
|
| |
- +
|
| |
- + open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
| |
- + io.write spec.to_ruby
|
| |
- + end
|
| |
- +
|
| |
- + server = Gem::Server.new dir, process_based_port, false
|
| |
- +
|
| |
- + @req.parse data
|
| |
- +
|
| |
- + server.root @req, @res
|
| |
- +
|
| |
- + assert_equal 200, @res.status
|
| |
- + assert_match 'validhomepagegemhttps 1', @res.body
|
| |
- +
|
| |
- + regex_match = /validhomepagegemhttps 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttps-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="https:\/\/rubygems\.org" title="https:\/\/rubygems\.org">\[www\]<\/a>/
|
| |
- + assert_match regex_match, @res.body
|
| |
- + end
|
| |
- +
|
| |
- def test_specs
|
| |
- data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
| |
- @req.parse data
|
| |
- diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
|
| |
- index 0fcc11e78f..1c68826fb3 100644
|
| |
- --- test/rubygems/test_gem_specification.rb
|
| |
- +++ test/rubygems/test_gem_specification.rb
|
| |
- @@ -2890,7 +2890,22 @@ def test_validate_homepage
|
| |
- @a1.validate
|
| |
- end
|
| |
-
|
| |
- - assert_equal '"over at my cool site" is not a URI', e.message
|
| |
- + assert_equal '"over at my cool site" is not a valid HTTP URI', e.message
|
| |
- +
|
| |
- + @a1.homepage = 'ftp://rubygems.org'
|
| |
- +
|
| |
- + e = assert_raises Gem::InvalidSpecificationException do
|
| |
- + @a1.validate
|
| |
- + end
|
| |
- +
|
| |
- + assert_equal '"ftp://rubygems.org" is not a valid HTTP URI', e.message
|
| |
- +
|
| |
- + @a1.homepage = 'http://rubygems.org'
|
| |
- + assert_equal true, @a1.validate
|
| |
- +
|
| |
- + @a1.homepage = 'https://rubygems.org'
|
| |
- + assert_equal true, @a1.validate
|
| |
- +
|
| |
- end
|
| |
- end
|
| |
-
|
| |
pvalena
commented 6 years ago
Identical to F27 rebase.
Scratch-build:
https://koji.fedoraproject.org/koji/taskinfo?taskID=26428491